Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Your connection is not secure HTTP Strict Transport Security (HSTS)

  • 10 replies
  • 1 has this problem
  • 2878 views
  • Last reply by Pj

more options

After I updated to v65.0 (x64), all webpages (except Yahoo) gave me: "Your connection is not secure. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate."

I read about changing the "security.enterprise_roots.enabled" value to "true" rather than the default "false" and this works, but I am afraid of future consequences.

I am using the following extensions in my Firefox installation: uBlock Origin, Disconnect

Operating system: Windows 7 Javascript enabled: Yes Cookies enabled: Yes Flash version: 32.0.0 Java version: Not installed Websockets supported: Yes Your full user agent string is: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0

Chosen solution

Thank you all for your help. I used Waterfox for a day or so - that way my "fix" for running a Mozilla product while surfing was satisfied. Then after a few days, I tried running Firefox (FF) again, giving the problem time to fix itself. It's working fine again... maybe Avast made some changes - or something. At any rate, FF is working fine again - no more errors, and I was able to change that setting back to the default.

Read this answer in context 👍 0

All Replies (10)

more options

Are you using Avast or AVG?

more options

hi, this is likely your avast/avg security software tampering with encrypted connections. please either try to reinstall your security software or else follow the more specific steps for it at How to troubleshoot security error codes on secure websites.

more options

I am using Avast. Let me look into your suggestion - thank you.

more options

Note, we STRONGLY suggest not using Avast because it has a tendency to do shady things that actually make your computer less secure (such as intercepting all your network traffic, which is why you have this error in Firefox).

It's better to uninstall it, and use Microsoft Security Essentials, which is free, lightweight and a far better anti-virus. Then, use Malwarebytes (www.malwarebytes.com) for monthly deep scans.

Beyond that, make sure you keep Windows up to date, including updating to Windows 10 if at all possible.

more options

Thank you for your suggestions. I hesitate to change my antivirus software for Firefox, much as I love FF. If I am to use the work-around that I have by setting the "security.enterprise_roots.enabled" to "true", I assume that's better than disabling the checking of the global HTTPS scanning by Avast.

I am also using the paid-for version of SUPERAntiSpyware.

As to switching to Windows 10 - I'll do that when I absolutely HAVE TO, and not before. Win10 is less responsive and slower on my hardware, from my experience.

Modified by zebra14

more options

Avast is generally known as a bad anti-virus (https://www.howtogeek.com/199829/avast-antivirus-was-spying-on-you-with-adware-until-this-week/) so even if it wasn't breaking Firefox it would be best to switch. What it is trying to do is basically attacking your secure connections, and that is putting your computer at risk. It's best to uninstall Avast and use Microsoft Security Essentials.

more options

zebra14 said

After I updated to v65.0 (x64), all webpages (except Yahoo) gave me: "Your connection is not secure. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. I am using the following Extensions in my Firefox installation:
  • Cookie Manager 1.5
  • Cookie Quick Manager 0.4rc1
  • Disable WebRTC 1.0.20
  • Disconnect 5.18.21
  • Easy Youtube Video Downloader Express 14.3
  • Free Download Manager 3.0.27
  • iCloud Bookmarks 2.1.23
  • New Tab Homepage 0.6.2
  • To Google Translate 3.3
  • uBlock Origin 1.18.2
  • User-Agent Switcher 1.2.4
  • Video DownloadHelper 7.3.5

If you ReStart With Add-ons Disabled, does that help?


~Pj

more options

I did not know that you could query a machine remotely and see what extensions were installed in FF. Interesting!

At any rate, thanks for trying to help. I set the ""security.enterprise_roots.enabled" to the default "false" and then tried FF with all extensions disabled - then restarted FF. The problem is still there.

"Your connection is not secure

The owner of www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate."

more options

Chosen Solution

Thank you all for your help. I used Waterfox for a day or so - that way my "fix" for running a Mozilla product while surfing was satisfied. Then after a few days, I tried running Firefox (FF) again, giving the problem time to fix itself. It's working fine again... maybe Avast made some changes - or something. At any rate, FF is working fine again - no more errors, and I was able to change that setting back to the default.

more options

zebra14 said

I tried running Firefox (FF) again, giving the problem time to fix itself. It's working fine again... maybe Avast made some changes - or something. At any rate, FF is working fine again - no more errors...

I suppose it was Avast, as I had a few 'errors', but not quite the problem you were having. But, perhaps FF did some changes, too. (Wink)


~Pj